Is it really more secure? What about when a domain is hijacked or DNS tables are poisoned by hackers?
What if you have a non-Apple device in your family of Apple devices?
You can’t very easily log in there. I hope Apple will work with IEEE to set a standard for this so everyone can participate.
Yeah, I get how it could be more secure, just not how it could be significantly more convenient. The post above mine said, and others have implied, that it's very convenient. The original article quotes Apple saying it's frictionless and simple. Well so is letting Safari use FaceID to retrieve my password. In fact, given Safari submits the login form automatically, it sounds like from the user's perspective the interaction will be identical: visit a site, get a prompt for FaceID, tap yes, and you're logged in.
One: it is phishing-resistant, two: if the data was intercepted or the other side has a database leak, the information is worthless since it cannot be used for future logins.
So it uses FaceID twice - once to unlock your keychain and access your password, and then again directly as the second form of authentication? Or is the idea that using FaceID alone replaces both password and 2FA code, because FaceID is already arguably 2FA in one (it’s your face, something you are, and your phone, something you possess)?
Many sites now require two-factor every login. In particular, EU banks and payment services are required by law to do two-factor. Business and school sign-ins are very often two-factor by policy. This is far more convenient, and secure, than fiddling with SMS and code generators every single time, particularly on computers that don't have apps.
Sweet, that does sound convenient then.
When fully implemented, you do not need to enter a username or password; see my earlier description of Microsoft's sign-in. Your second description is right, it represents the biometrics (or a PIN in some cases) and the fact that you possess hardware that stores the key.
I doubt FaceID style Sign In with Apple will use Windows Hello or Linux whatever. It’s probably gonna be redirected to applied.apple.com and you have to punch in your Apple ID information and you have to get a code on your iPhone and type in.
Did you read the article? It's saying that Apple platforms will act as a built-in FIDO2 authenticator; something that Windows and Android already do today.
Exactly like Microsoft did, they implemented FIDO2 locked to their own site first, and are now expanding it to other sites.
Authentication and Passwords
New Features
- Added a Web Authentication platform authenticator using Face ID or Touch ID, depending on which capability is present.
Does that work on Windows for Sign In with Apple?
Read the Safari 14 Beta release notes. It says exactly what I said.